<!DOCTYPE HTML>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> 
    <title> - 天地维杰网</title>
    <meta name="keywords" content="系统架构,shutdown,不与天斗,Domino,博客,程序员,架构师,笔记,技术,分享,java,Redis">
    
    <meta property="og:title" content="">
    <meta property="og:site_name" content="天地维杰网">
    <meta property="og:image" content="/img/author.jpg"> 
    <meta name="title" content=" - 天地维杰网" />
    <meta name="description" content="天地维杰网 | 博客 | 软件 | 架构 | Java "> 
    <link rel="shortcut icon" href="http://www.shutdown.cn/img/favicon.ico" />
    <link rel="apple-touch-icon" href="http://www.shutdown.cn/img/apple-touch-icon.png" />
    <link rel="apple-touch-icon-precomposed" href="http://www.shutdown.cn/img/apple-touch-icon.png" />
    <link href="http://www.shutdown.cn/js/vendor/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css" />
    <link href="http://www.shutdown.cn/js/vendor/fancybox/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css" />
    <link href="http://www.shutdown.cn/css/main.css" rel="stylesheet" type="text/css" />
    <link href="http://www.shutdown.cn/css/syntax.css" rel="stylesheet" type="text/css" />
    <script type="text/javascript" id="hexo.configuration">
  var NexT = window.NexT || {};
  var CONFIG = {
    scheme: 'Pisces',
    sidebar: {"position":"left","display":"post"},
     fancybox: true, 
    motion: true
  };
</script>
</head>
<body itemscope itemtype="http://schema.org/WebPage" lang="zh-Hans">
<div class="container one-collumn sidebar-position-left page-home  ">
    <div class="headband"></div>


    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            
<section id="posts" class="posts-expand">
  <article class="post post-type-normal " itemscope itemtype="http://schema.org/Article">
    <header class="post-header">
      <h1 class="post-title" itemprop="name headline">
        <a class="post-title-link" href="http://www.shutdown.cn/post/iptables/" itemprop="url">
        
        </a>
      </h1>
      <div class="post-meta">
      <span class="post-time">
<span class="post-meta-item-icon">
    <i class="fa fa-calendar-o"></i>
</span>
<span class="post-meta-item-text">时间：</span>
<time itemprop="dateCreated" datetime="2016-03-22T13:04:35+08:00" content="0001-01-01">
    0001-01-01
</time>
</span> 
      
      
       <span>
&nbsp; | &nbsp;
<span class="post-meta-item-icon">
    <i class="fa fa-eye"></i>
</span>
<span class="post-meta-item-text">阅读：</span>
<span class="leancloud-visitors-count">1045 字 ~5分钟</span>
</span>
      </div>
    </header>
    <div class="post-body" itemprop="articleBody">
    

    <p>在Linux服务器被攻击的时候，有的时候会有几个主力IP。如果能拒绝掉这几个IP的攻击的话，会大大减轻服务器的压力，说不定服务器就能恢复正常了。</p>

<p>在Linux下封停IP，有封杀网段和封杀单个IP两种形式。一般来说，现在的攻击者不会使用一个网段的IP来攻击（太招摇了），IP一般都是散列的。于是下面就详细说明一下封杀单个IP的命令，和解封单个IP的命令。</p>

<p>Linux防火墙：iptables禁IP与解封IP常用命令</p>

<p>在Linux下，使用iptables来维护IP规则表。要封停或者是解封IP，其实就是在IP规则表中对入站部分的规则进行添加或删除操作。</p>

<p>要封停一个IP，使用下面这条命令：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">I</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#000;font-weight:bold">.</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#000;font-weight:bold">.</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#000;font-weight:bold">.</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
</code></pre></div>
<p>要解封一个IP，使用下面这条命令：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">D</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#000;font-weight:bold">.</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#000;font-weight:bold">.</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#000;font-weight:bold">.</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span><span style="color:#ce5c00;font-weight:bold">*</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
</code></pre></div>
<p>参数-I是表示Insert（添加，不指定位置时插入到链的最前面），-D表示Delete（删除）。后面跟的是规则，INPUT表示入站，<code>***.***.***.***</code>表示要封停的IP，DROP表示放弃连接。</p>

<p>此外，还可以使用下面的命令来查看当前的IP规则表：</p>
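<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># List the current rules. The long option needs two dashes (--list, same as -L).
# -n prints numeric addresses without reverse DNS lookups; --line-numbers shows each rule's position.
iptables -L -n --line-numbers
</code></pre></div>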
<p>比如现在要将123.44.55.66这个IP封杀，就输入：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">I</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#0000cf;font-weight:bold">123.44</span><span style="color:#0000cf;font-weight:bold">.55</span><span style="color:#0000cf;font-weight:bold">.66</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
</code></pre></div>
<p>要解封则将-I换成-D即可，前提是iptables已经有这条记录。如果要想清空封掉的IP地址，可以输入下面的命令；注意它会清空filter表中所有链的全部规则，而不仅仅是封停IP的那几条：</p>
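<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># --flush (same as -F) without a chain name deletes every rule in every chain of the
# filter table, not only the DROP entries added for blocked addresses.
# It does not reset chain policies: check them with "iptables -L -n" first, because
# flushing the ACCEPT rules under a DROP policy cuts off remote access.
iptables --flush
</code></pre></div>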
<p>要添加IP段到封停列表中，使用下面的命令：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">I</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#0000cf;font-weight:bold">121.0</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#0000cf;font-weight:bold">8</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
</code></pre></div>
<p>其实也就是将单个IP封停的IP部分换成了Linux的IP段表达式。关于IP段表达式网上有很多详细解说的，这里就不提了。</p>

<p>相信有了iptables的帮助，解决小的DDoS之类的攻击也不在话下！不过要注意，iptables只能丢弃已经到达本机的数据包；如果攻击流量已经占满上游带宽，就需要在上游（机房、运营商或流量清洗服务）处理。</p>

<p>附：其他常用的命令</p>

<p>编辑 iptables 文件</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#000">vi</span> <span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#000">etc</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#000">sysconfig</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#000">iptables</span>
</code></pre></div>
<p>关闭/开启/重启防火墙</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#a40000">/</span><span style="color:#a40000">e</span><span style="color:#a40000">t</span><span style="color:#a40000">c</span><span style="color:#a40000">/</span><span style="color:#a40000">i</span><span style="color:#a40000">n</span><span style="color:#a40000">i</span><span style="color:#a40000">t</span><span style="color:#a40000">.</span><span style="color:#a40000">d</span><span style="color:#a40000">/</span><span style="color:#a40000">i</span><span style="color:#a40000">p</span><span style="color:#a40000">t</span><span style="color:#a40000">a</span><span style="color:#a40000">b</span><span style="color:#a40000">l</span><span style="color:#a40000">e</span><span style="color:#a40000">s</span><span style="color:#a40000"> </span><span style="color:#a40000">s</span><span style="color:#a40000">t</span><span style="color:#a40000">o</span><span style="color:#a40000">p</span>
<span style="color:#a40000">#</span><span style="color:#000">start</span> <span style="color:#000">开启</span>
<span style="color:#a40000">#</span><span style="color:#000">restart</span> <span style="color:#000">重启</span>
</code></pre></div>
<p>验证一下是否规则都已经生效：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">L</span>
</code></pre></div>
<p>保存并重启iptables</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#a40000">/</span><span style="color:#a40000">e</span><span style="color:#a40000">t</span><span style="color:#a40000">c</span><span style="color:#a40000">/</span><span style="color:#a40000">r</span><span style="color:#a40000">c</span><span style="color:#a40000">.</span><span style="color:#a40000">d</span><span style="color:#a40000">/</span><span style="color:#a40000">i</span><span style="color:#a40000">n</span><span style="color:#a40000">i</span><span style="color:#a40000">t</span><span style="color:#a40000">.</span><span style="color:#a40000">d</span><span style="color:#a40000">/</span><span style="color:#a40000">i</span><span style="color:#a40000">p</span><span style="color:#a40000">t</span><span style="color:#a40000">a</span><span style="color:#a40000">b</span><span style="color:#a40000">l</span><span style="color:#a40000">e</span><span style="color:#a40000">s</span><span style="color:#a40000"> </span><span style="color:#a40000">s</span><span style="color:#a40000">a</span><span style="color:#a40000">v</span><span style="color:#a40000">e</span>
<span style="color:#000">service</span> <span style="color:#000">iptables</span> <span style="color:#000">restart</span>
</code></pre></div>
<p>linux下使用iptables封ip段的一些常见命令：</p>

<p>封单个IP的命令是：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">I</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#0000cf;font-weight:bold">211.1</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#0000cf;font-weight:bold">.0</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
</code></pre></div>
<p>封IP段的命令是：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">I</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#0000cf;font-weight:bold">211.1</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#0000cf;font-weight:bold">16</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
<span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">I</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#0000cf;font-weight:bold">211.2</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#0000cf;font-weight:bold">16</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
<span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">I</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#0000cf;font-weight:bold">211.3</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#0000cf;font-weight:bold">16</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
</code></pre></div>
<p>封整个段的命令是（/8 覆盖约1677万个地址，会同时拦截该段内的正常访问者，使用前要确认范围）：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">I</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#0000cf;font-weight:bold">211.0</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#0000cf;font-weight:bold">8</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
</code></pre></div>
<p>封几个段的命令是：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">I</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#0000cf;font-weight:bold">61.37</span><span style="color:#0000cf;font-weight:bold">.80</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#0000cf;font-weight:bold">24</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
<span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">I</span> <span style="color:#000">INPUT</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">s</span> <span style="color:#0000cf;font-weight:bold">61.37</span><span style="color:#0000cf;font-weight:bold">.81</span><span style="color:#0000cf;font-weight:bold">.0</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#0000cf;font-weight:bold">24</span> <span style="color:#ce5c00;font-weight:bold">-</span><span style="color:#000">j</span> <span style="color:#000">DROP</span>
</code></pre></div>
<p><strong>想在服务器启动自运行的话有三个方法：</strong></p>

<p>1、把它加到/etc/rc.local中</p>

<p>2、iptables-save &gt; /etc/sysconfig/iptables 可以把你当前的iptables规则放到/etc/sysconfig/iptables中，系统启动iptables时自动执行。</p>

<p>3、service iptables save 也可以把你当前的iptables规则放/etc/sysconfig/iptables中，系统启动iptables时自动执行。</p>

<p>后两种更好些，一般iptables服务会在network服务之前起来，更安全。</p>

<p><strong>解封的话：</strong> iptables -D INPUT -s IP地址 -j REJECT（注意：-D 后面的规则必须与添加时完全一致，上文封停用的是 -j DROP，解封时目标也要写成 DROP）；iptables -F 则是把规则全清掉了。</p>

<p>Linux防火墙Iptable如何设置只允许某个ip访问80端口，只允许特定ip访问某端口？参考下面命令，只允许46.166.150.22访问本机的80端口。如果要设置其他ip或端口，改改即可。</p>
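<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># The port option is --dport (two ASCII hyphens); the page rendering had merged them into one dash.
# -I inserts at the top of INPUT, so the ACCEPT entered second ends up above the DROP
# and is evaluated first.
iptables -I INPUT -p TCP --dport 80 -j DROP
iptables -I INPUT -s 46.166.150.22 -p TCP --dport 80 -j ACCEPT
</code></pre></div>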
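<p>在root用户下执行上面2行命令后，重启iptables， service iptables restart。注意：用iptables命令添加的规则是立即生效的；如果重启前没有先用 service iptables save 保存，重启时服务会重新加载/etc/sysconfig/iptables，刚添加的规则可能丢失。</p>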

<p>查看iptables是否生效：</p>
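<!-- Sample output of "iptables -L". The opt column holds two ASCII hyphens; the rendered page had merged them into one dash. ACCEPT is listed above DROP, so the allowed source is matched first. -->
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">[root@www.xxx.com]# iptables -L
Chain INPUT (policy ACCEPT)
target      prot opt source        destination
ACCEPT   tcp -- 46.166.150.22  anywhere      tcp dpt:http
DROP     tcp -- anywhere       anywhere      tcp dpt:http
 
Chain FORWARD (policy ACCEPT)
target   prot opt source        destination
 
Chain OUTPUT (policy ACCEPT)
target   prot opt source        destination
</code></pre></div>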
<p>上面命令是针对整个服务器（全部ip）禁止80端口，如果只是需要禁止服务器上某个ip地址的80端口，怎么办？</p>

<p>下面的命令是只允许来自174.140.3.190的ip访问服务器上216.99.1.216的80端口</p>
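<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># The port option is --dport (two ASCII hyphens); the page rendering had merged them into one dash.
# FORWARD only sees packets routed through this host to another machine. If 216.99.1.216
# is an address configured on this server itself, use the INPUT chain with the same matches.
# -A appends to the end of the chain, so the ACCEPT must be entered before the DROP, as here.
iptables -A FORWARD -s 174.140.3.190 -d 216.99.1.216 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A FORWARD -d 216.99.1.216 -p tcp -m tcp --dport 80 -j DROP
</code></pre></div>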
<p>更多iptables参考命令如下：</p>

<p>1.先备份iptables</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-javascript" data-lang="javascript"><span style="color:#a40000">#</span> <span style="color:#000">cp</span> <span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#000">etc</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#000">sysconfig</span><span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#000">iptables</span> <span style="color:#ce5c00;font-weight:bold">/</span><span style="color:#204a87;font-weight:bold">var</span><span style="color:#a40000">/</span><span style="color:#a40000">t</span><span style="color:#a40000">m</span><span style="color:#a40000">p</span>
</code></pre></div>
<p>需要开80端口，指定IP和局域网</p>

<p>下面三行的意思：</p>

<p>先关闭所有的80端口</p>

<p>开启ip段192.168.1.0/24端的80口</p>

<p>开启ip段211.123.16.123/24（iptables会忽略主机位，实际匹配的是211.123.16.0/24网段）的80口</p>
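<!-- The port option is written with two ASCII hyphens before "dport"; the rendered page had merged them into one dash. The leading "#" on each line is the root prompt, not part of the command. Each -I inserts at the top of INPUT, so the two ACCEPT rules end up above the DROP. iptables masks the host bits, so 211.123.16.123/24 matches the 211.123.16.0/24 network. -->
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># iptables -I INPUT -p tcp --dport 80 -j DROP
# iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
# iptables -I INPUT -s 211.123.16.123/24 -p tcp --dport 80 -j ACCEPT
</code></pre></div>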
<p>以上是临时设置。</p>

<p>2.然后保存iptables</p>
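<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Run as root. Save the rules that are currently loaded, so that the
# temporary rules set above are kept by the firewall service.
service iptables save
</code></pre></div>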
<p>3.重启防火墙</p>
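<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Run as root. Restart the firewall service after saving.
# Afterwards, check the resulting rule order with:
#   iptables -L INPUT -n --line-numbers
service iptables restart
</code></pre></div>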
<p>以下以端口为例：先对所有来源封禁该端口，再对指定的IP段放行</p>
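<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># TCP port 9889: insert the DROP first, then insert the ACCEPT for the
# permitted subnet. Because -I puts each rule at the top of the chain, the
# ACCEPT ends up above the DROP and is evaluated first.
iptables -I INPUT -p tcp --dport 9889 -j DROP
iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 9889 -j ACCEPT
</code></pre></div>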
<p>如果用了NAT转发，还要在FORWARD链上配合以下规则才能生效</p>
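<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Packets that are forwarded to another host pass through FORWARD rather
# than INPUT, so the same DROP-then-ACCEPT pair is repeated on that chain.
# As with INPUT, the ACCEPT is inserted last so that it sits above the DROP.
iptables -I FORWARD -p tcp --dport 80 -j DROP
iptables -I FORWARD -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
</code></pre></div>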
<p>常用的IPTABLES规则如下：</p>

<p>只能收发邮件，别的都关闭</p>
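<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Per-device policy keyed on source MAC: allow DNS (udp/53), SMTP (tcp/25)
# and POP3 (tcp/110) from this device and drop everything else from it.
# "Filter" is not a built-in chain name; presumably it is a user-defined
# chain on the author's device. Substitute the chain used on your system.
# The DROP is inserted first so that the later -I ACCEPT rules sit above it.
# A client can change its MAC address, so treat this as a convenience
# restriction, not as authentication.
iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -j DROP
iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -p udp --dport 53 -j ACCEPT
iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -p tcp --dport 25 -j ACCEPT
iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -p tcp --dport 110 -j ACCEPT
</code></pre></div>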
<p>IPSEC NAT 策略</p>
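<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Forward selected ports arriving at the WAN address to 192.168.100.2.
# $INTERNET_ADDR must be set to the public (WAN) address before running.
# PFWanPriv is a chain from the author's setup, not a built-in one; confirm
# the equivalent chain on your system.
# This first rule accepts all traffic to 192.168.100.2, not only the ports
# forwarded below; narrow it with -p and --dport if that is not intended.
iptables -I PFWanPriv -d 192.168.100.2 -j ACCEPT
# tcp/80
iptables -t nat -A PREROUTING -p tcp --dport 80 -d $INTERNET_ADDR -j DNAT --to-destination 192.168.100.2:80
# tcp/1723 and udp/1723. tcp/1723 is the PPTP control port; PPTP data is
# carried in GRE (IP protocol 47), which a port-based rule does not match.
iptables -t nat -A PREROUTING -p tcp --dport 1723 -d $INTERNET_ADDR -j DNAT --to-destination 192.168.100.2:1723
iptables -t nat -A PREROUTING -p udp --dport 1723 -d $INTERNET_ADDR -j DNAT --to-destination 192.168.100.2:1723
# udp/500 (IKE) and udp/4500 (IPsec NAT traversal)
iptables -t nat -A PREROUTING -p udp --dport 500 -d $INTERNET_ADDR -j DNAT --to-destination 192.168.100.2:500
iptables -t nat -A PREROUTING -p udp --dport 4500 -d $INTERNET_ADDR -j DNAT --to-destination 192.168.100.2:4500
</code></pre></div>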
<p>FTP服务器的NAT</p>
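<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Publish the internal FTP server 192.168.1.22 on the WAN address.
# $INTERNET_ADDR must be set to the public (WAN) address before running.
# Only the control connection (tcp/21) is handled here. FTP data connections
# use other ports and normally need the FTP connection-tracking helper
# (nf_conntrack_ftp / nf_nat_ftp) to pass through NAT.
# FTP sends credentials in clear text; limit the allowed sources with -s
# where possible.
iptables -I PFWanPriv -p tcp --dport 21 -d 192.168.1.22 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 21 -d $INTERNET_ADDR -j DNAT --to-destination 192.168.1.22:21
</code></pre></div>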
<p>只允许访问指定网址</p>
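<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Allow DNS plus two named sites and drop everything else on this chain.
# -A appends, so the rules are evaluated in the order written and the final
# catch-all DROP must stay last.
# iptables resolves a host name once, when the rule is added, and stores the
# resulting IP address(es). Later DNS changes are not followed, and any other
# site served from the same address is allowed as well.
iptables -A Filter -p udp --dport 53 -j ACCEPT
iptables -A Filter -p tcp --dport 53 -j ACCEPT
iptables -A Filter -d www.ctohome.com -j ACCEPT
iptables -A Filter -d www.guowaivps.com -j ACCEPT
iptables -A Filter -j DROP
</code></pre></div>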
<p>开放一个IP的一些端口，其它都封闭</p>
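<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Allow 192.168.1.22 to reach one web site on tcp/80 and to use the mail
# ports tcp/25, tcp/109 and tcp/110; allow DNS from any source; drop the rest.
# The rules are appended (-A), so they are checked top to bottom and the
# final DROP must remain the last rule.
# The host name in the first rule is resolved to IP addresses once, when the
# rule is added.
iptables -A Filter -p tcp --dport 80 -s 192.168.1.22 -d www.pconline.com.cn -j ACCEPT
iptables -A Filter -p tcp --dport 25 -s 192.168.1.22 -j ACCEPT
iptables -A Filter -p tcp --dport 109 -s 192.168.1.22 -j ACCEPT
iptables -A Filter -p tcp --dport 110 -s 192.168.1.22 -j ACCEPT
iptables -A Filter -p tcp --dport 53 -j ACCEPT
iptables -A Filter -p udp --dport 53 -j ACCEPT
iptables -A Filter -j DROP
</code></pre></div>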
<p>多个端口</p>

<p>代码如下:</p>

<p><code>iptables -A Filter -p tcp -m multiport --destination-port 22,53,80,110 -s 192.168.20.3 -j REJECT</code></p>

<p>连续端口</p>

<p>代码如下:</p>

<p><code>iptables -A Filter -p tcp -m multiport --source-port 22,53,80,110 -s 192.168.20.3 -j REJECT</code><br>
<code>iptables -A Filter -p tcp --source-port 2:80 -s 192.168.20.3 -j REJECT</code></p>

<p>指定时间上网</p>
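<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Time-based rules using the time match.
# Rule 1 drops traffic from 10.10.10.253 between 6:00 and 11:00 on every day
# of the week. Rules 2 and 3 accept traffic from any source between 12:00 and
# 13:00 and between 17:30 and 8:30.
# NOTE(review): --days is the option name of the older time match. Current
# iptables releases name it --weekdays and interpret times as UTC unless
# --kerneltz is given. Check "iptables -m time --help" on the target system.
iptables -A Filter -s 10.10.10.253 -m time --timestart 6:00 --timestop 11:00 --days Mon,Tue,Wed,Thu,Fri,Sat,Sun -j DROP
iptables -A Filter -m time --timestart 12:00 --timestop 13:00 --days Mon,Tue,Wed,Thu,Fri,Sat,Sun -j ACCEPT
iptables -A Filter -m time --timestart 17:30 --timestop 8:30 --days Mon,Tue,Wed,Thu,Fri,Sat,Sun -j ACCEPT
</code></pre></div>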
<p>禁止多个端口服务</p>
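<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># NOTE: the heading says "block", but -j ACCEPT allows these ports; use -j DROP to block them.
# --dports is the multiport module's documented option name for a port list.
iptables -A Filter -p tcp -m multiport --dports 21,23,80 -j ACCEPT
</code></pre></div>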
<p>将WAN 口NAT到PC</p>


<p><code>iptables -t nat -A PREROUTING -i $INTERNET_IF -d $INTERNET_ADDR -j DNAT --to-destination 192.168.0.1</code></p>

<p>将WAN口8000端口NAT到192.168.100.200的80端口（注意：下面示例命令中的目标地址写的是 192.168.1.22，请按实际内网主机地址统一）</p>


<p><code>iptables -t nat -A PREROUTING -p tcp --dport 8000 -d $INTERNET_ADDR -j DNAT --to-destination 192.168.1.22:80</code></p>

<p>MAIL服务器要转的端口</p>
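<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Forward POP3 (tcp/110) and SMTP (tcp/25) arriving at $INTERNET_ADDR to 192.168.1.22.
# DNAT only rewrites the destination; the forwarded packets must still be allowed by the FORWARD chain.
iptables -t nat -A PREROUTING -p tcp -d $INTERNET_ADDR --dport 110 -j DNAT --to-destination 192.168.1.22:110
iptables -t nat -A PREROUTING -p tcp -d $INTERNET_ADDR --dport 25 -j DNAT --to-destination 192.168.1.22:25
</code></pre></div>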
<p>只允许PING 202.96.134.133，别的服务都禁止</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Allow ICMP from 192.168.1.22 to 202.96.134.133 only. The unconditional DROP that follows
# discards every other packet that reaches this chain, so it has to stay the last rule.
iptables -A Filter -s 192.168.1.22 -d 202.96.134.133 -p icmp -j ACCEPT
iptables -A Filter -j DROP
</code></pre></div>
<p>禁用BT配置</p>
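<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Drop TCP traffic to destination ports 6000-20000.
# This is a coarse filter: any other TCP service in that range is dropped too, and a client
# that uses ports outside the range is not affected.
iptables -A Filter -p tcp --dport 6000:20000 -j DROP
</code></pre></div>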
<p>禁用QQ防火墙配置</p>
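<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Drop all UDP except DNS (port 53), then drop traffic to the listed destination addresses.
# The negation is written before the option ("! --dport 53"); the older "--dport ! 53" order is deprecated.
# Side effect: every other UDP service (NTP, VPN, ...) passing through this chain is dropped as well.
iptables -A Filter -p udp ! --dport 53 -j DROP
iptables -A Filter -d 218.17.209.0/24 -j DROP
iptables -A Filter -d 218.18.95.0/24 -j DROP
iptables -A Filter -d 219.133.40.177 -j DROP
</code></pre></div>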
<p>基于MAC，只能收发邮件，其它都拒绝</p>
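<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># -I inserts at the top of the chain, so after these three commands the effective order is:
#   ACCEPT tcp/110, ACCEPT tcp/25, then DROP everything else from this MAC address.
# A MAC address can be changed by the client, so treat this as a convenience filter,
# not as an authentication control.
iptables -I Filter -m mac --mac-source 00:0A:EB:97:79:A1 -j DROP
iptables -I Filter -m mac --mac-source 00:0A:EB:97:79:A1 -p tcp --dport 25 -j ACCEPT
iptables -I Filter -m mac --mac-source 00:0A:EB:97:79:A1 -p tcp --dport 110 -j ACCEPT
</code></pre></div>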
<p>禁用MSN配置</p>
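<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Block by port (udp/9, tcp/1863) and by destination address on tcp/80.
# The address rules only remain effective while the service keeps using these addresses.
iptables -A Filter -p udp --dport 9 -j DROP
iptables -A Filter -p tcp --dport 1863 -j DROP
iptables -A Filter -p tcp --dport 80 -d 207.68.178.238 -j DROP
iptables -A Filter -p tcp --dport 80 -d 207.46.110.0/24 -j DROP
</code></pre></div>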
<p>只允许PING 202.96.134.133，其它公网IP都不许PING</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Allow ICMP from 192.168.1.22 to 202.96.134.133, then drop all remaining ICMP.
# Rules are evaluated in order, so the ACCEPT has to come before the DROP.
iptables -A Filter -s 192.168.1.22 -d 202.96.134.133 -p icmp -j ACCEPT
iptables -A Filter -p icmp -j DROP
</code></pre></div>
<p>禁止某个MAC地址访问internet:</p>
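<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Drop every packet whose source MAC address is 00:20:18:8F:72:F8.
# -I puts the rule at the top of the chain so it is checked before existing rules.
# The client can change its MAC address, so this does not stop a determined user.
iptables -I Filter -m mac --mac-source 00:20:18:8F:72:F8 -j DROP
</code></pre></div>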
<p>禁止某个IP地址的PING:</p>
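<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Drop all ICMP packets sent by 192.168.0.1.
iptables -A Filter -p icmp -s 192.168.0.1 -j DROP
</code></pre></div>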
<p>禁止某个IP地址服务：</p>
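<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Drop HTTP (tcp/80) and DNS (udp/53) traffic sent by 192.168.0.1.
iptables -A Filter -p tcp -s 192.168.0.1 --dport 80 -j DROP
iptables -A Filter -p udp -s 192.168.0.1 --dport 53 -j DROP
</code></pre></div>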
<p>只允许某些服务，其他都拒绝(2条规则)</p>
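<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Allow-list pattern: accept the permitted service first, then drop everything else.
# The unconditional DROP must stay last; rules appended after it in this chain are never reached.
iptables -A Filter -p tcp -s 192.168.0.1 --dport 1000 -j ACCEPT
iptables -A Filter -j DROP
</code></pre></div>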
<p>禁止某个IP地址的某个端口服务</p>
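<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Block TCP port 80 for source 10.10.10.253.
# The listing originally placed an ACCEPT with the identical match in front of this DROP;
# iptables stops at the first matching rule, so the DROP would never have been reached.
iptables -A Filter -p tcp -s 10.10.10.253 --dport 80 -j DROP
</code></pre></div>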
<p>禁止某个MAC地址的某个端口服务</p>
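<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Drop TCP port 80 traffic whose source MAC address is 00:20:18:8F:72:F8.
# -I inserts the rule at the top of the chain so it takes effect before existing rules.
iptables -I Filter -p tcp -m mac --mac-source 00:20:18:8F:72:F8 --dport 80 -j DROP
</code></pre></div>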
<p>禁止某个MAC地址访问internet:</p>
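<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Drop every packet whose source MAC address is 00:11:22:33:44:55.
# MAC filtering is easy to bypass by changing the client's address; do not rely on it alone.
iptables -I Filter -m mac --mac-source 00:11:22:33:44:55 -j DROP
</code></pre></div>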
<p>禁止某个IP地址的PING:</p>
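<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"># Drop all ICMP packets sent by 192.168.0.1.
iptables -A Filter -p icmp -s 192.168.0.1 -j DROP
</code></pre></div>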
<p>以上就是本文的全部内容，希望对大家的学习有所帮助。</p>

    </div>
  </article>
</section>

          </div>
        </div>

      </div>
    </main>
   
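    <!-- Site footer: copyright line, ICP filing link, generator and theme credits.
         Links that open a new tab carry rel="noopener noreferrer" so the opened page gets no
         window.opener handle back to this one, and the generator link uses https.
         NOTE(review): the footer publishes the exact generator version; the output is static, so
         the exposure is small, but drop the version if disclosure matters to you. -->
    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright">
          <span itemprop="copyrightYear">&copy; 2013 - 2022</span>
          <span class="with-love"><i class="fa fa-heart"></i></span>
          <span class="author" itemprop="copyrightHolder">天地维杰网</span>
          <span class="icp" itemprop="copyrightHolder"><a href="https://beian.miit.gov.cn/" target="_blank" rel="noopener noreferrer">京ICP备13019191号-1</a></span>
        </div>
        <div class="powered-by">
          Powered by - <a class="theme-link" href="https://gohugo.io" target="_blank" rel="noopener noreferrer" title="hugo">Hugo v0.63.2</a>
        </div>
        <div class="theme-info">
          Theme by - <a class="theme-link" href="https://github.com/xtfly/hugo-theme-next" target="_blank" rel="noopener noreferrer">NexT</a>
        </div>
      </div>
    </footer>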

    <!-- Back-to-top control with a scroll-percentage readout; no behaviour is defined here, it is
         presumably wired up by the theme scripts loaded further down (confirm). -->
    <div class="back-to-top">
      <i class="fa fa-arrow-up"></i> <span id="scrollpercent"><span>0</span>%</span>
    </div>
  </div>

  

<script>
  // Null out window.Promise unless its internal class tag is "[object Function]".
  // Presumably this makes later scripts treat a non-function Promise as unsupported (confirm).
  (function () {
    var isFunction = Object.prototype.toString.call(window.Promise) === '[object Function]';
    if (!isFunction) {
      window.Promise = null;
    }
  })();
</script>
<!-- Vendored libraries, loaded synchronously and in this order.
     NOTE(review): every script below is fetched over plain http://, so an on-path party can alter
     the script bodies in transit; serving the site and its assets over HTTPS is the fix, if the
     host supports it.
     NOTE(review): the ?v= values point at old releases (jQuery 2.1.3, ua-parser-js 0.7.9,
     fancybox 2.1.5); check each against its project's security advisories and upgrade. -->
<script src="http://www.shutdown.cn/js/vendor/jquery/index.js?v=2.1.3"></script>
<script src="http://www.shutdown.cn/js/vendor/fastclick/lib/fastclick.min.js?v=1.0.6"></script>
<script src="http://www.shutdown.cn/js/vendor/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>
<script src="http://www.shutdown.cn/js/vendor/velocity/velocity.min.js?v=1.2.1"></script>
<script src="http://www.shutdown.cn/js/vendor/velocity/velocity.ui.min.js?v=1.2.1"></script>
<script src="http://www.shutdown.cn/js/vendor/ua-parser-js/dist/ua-parser.min.js?v=0.7.9"></script>
<script src="http://www.shutdown.cn/js/vendor/fancybox/jquery.fancybox.pack.js?v=2.1.5"></script>

<!-- Theme scripts (same origin, same plaintext transport as above). -->
<script src="http://www.shutdown.cn/js/utils.js"></script>
<script src="http://www.shutdown.cn/js/motion.js"></script>
<script src="http://www.shutdown.cn/js/affix.js"></script>
<script src="http://www.shutdown.cn/js/schemes/pisces.js"></script>
<script src="http://www.shutdown.cn/js/scrollspy.js"></script>
<script src="http://www.shutdown.cn/js/post-details.js"></script>
<script src="http://www.shutdown.cn/js/toc.js"></script>
<script src="http://www.shutdown.cn/js/bootstrap.js"></script>
<script src="http://www.shutdown.cn/js/search.js"></script>
<!-- MathJax 2 configuration, read by the loader below: TeX input, HTML-CSS output, $...$ for
     inline and $$...$$ for display math, with escaped dollar signs honoured. -->
<script type="text/x-mathjax-config">
  MathJax.Hub.Config({
    extensions: ["tex2jax.js"],
    jax: ["input/TeX", "output/HTML-CSS"],
    tex2jax: {
      inlineMath: [["$", "$"]],
      displayMath: [["$$", "$$"]],
      processEscapes: true
    },
    "HTML-CSS": {fonts: ["TeX"]}
  });
</script>
<!-- Third-party loader, version-pinned and fetched over https but without Subresource Integrity.
     NOTE(review): adding integrity="sha384-DIGEST_OF_PINNED_FILE_PLACEHOLDER" with
     crossorigin="anonymous" would pin this file; MathJax.js then pulls its config and extension
     files from the same CDN path at run time, which that attribute does not cover, so a CSP
     script-src allow-list or self-hosting is the fuller control. -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=TeX-AMS-MML_HTMLorMML" async></script>
</body>
</html>